By Ross Baker
On the 14th of January 2020, Microsoft will be retiring its popular Windows Server 2008 and Server 2008 R2 products. This leaves businesses with a difficult choice: stick with the OS and pay for expensive extended support, spend time and resources on migration, or leave the company exposed to cyber-threats.
The good news is that there’s a better, lower-cost option that will enable you to keep running Server 2008 whilst mitigating cyber risk and avoiding major disruption – invest in comprehensive server security.
Wait-and-see won’t do
Of the numerous businesses we have spoken to over recent weeks, a worryingly high number are prepared to adopt a wait-and-see policy (WASP) following the end of Server 2008 support on 14 January 2020. This amounts to an extreme hedging of bets and is something we would definitely not recommend.
Without Microsoft support, customers will no longer have access to security updates for Windows 2008. Unsupported servers will be exposed to attacks exploiting vulnerabilities found after January 2020. This is more likely than you think: the black hats know there will be many organisations that may be running exposed servers and will be putting more resources into finding these bugs.
To make matters worse, Microsoft will continue to release fixes for vulnerabilities in current versions of its server OS products which may also affect Server 2008. That’s an open goal for a hacker.
What are the alternatives?
One way out of this bind is to pay for Microsoft extended support, which will deliver security updates beyond the retirement deadline. But be warned, this is not cheap. An analysis of Microsoft’s End of Service FAQs from CRN reveals:
• The cost of Extended Security Updates will be 75% of the Enterprise Agreement or Server & Cloud Enrolment license prices of the latest version of SQL Server/Windows Server
• Firms will be covered for three consecutive 12-month increments following end-of-support, but must pay up-front for the first year
• Organisations that sign up in the middle of a year must pay for the full year
• Companies that decide not to sign up for a year and then do so the following year must pay for both years
Why go through all this when there’s an easier and more cost-effective alternative?
Trend Micro Deep Security features a next-generation intrusion prevention system known as “virtual patching” to protect servers and endpoints from threats that target vulnerabilities in critical applications. It will keep your Windows Server 2008 systems safe even from zero-day threats that Microsoft hasn’t yet encountered. Virtual Patching will also:
• Buy additional time: for security teams to assess vulnerabilities and test and apply the necessary patches.
• Avoid unnecessary downtime: by allowing enterprises to patch according to their own schedule. This mitigates the potential revenue loss caused by unplanned disruptions.
• Improve regulatory compliance: such as Cyber Essentials and the Payment Card Industry Data Security Standard (PCI-DSS).
• Provide flexibility: by reducing the need to roll out workarounds or emergency patches.
Given the current threat landscape, WASP is simply not a risk worth taking for your organisation. Whether you need to stick on Windows Server 2008 for financial reasons or because of legacy application support, look to third-party virtual patching to minimise cyber risk and support your business beyond January 2020.
Find out more and how much you could save by visiting https://resources.trendmicro.com/uk-windows-server-end-of-support.html and try out our Windows 2008 End-of-Support Cost Savings Calculator.